AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-04-11 · Documentation low

File: prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md

Summary

Corrected quotation marks in multiple IAM policy examples

Security assessment

Formatting fixes to existing security documentation about least-privilege CloudFormation policies without changing security meaning

Diff

diff --git a/prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md b/prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md
index d48fc40d6..409b65517 100644
--- a//prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md
+++ b//prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md
@@ -30,8 +30,8 @@ View access is the least-privileged type of access to CloudFormation. This kind
-        “Version”:”2012-10-17”,
-        “Statement”:[{
-            “Effect”:”Allow”,
-            “Action”:[
-                “cloudformation:DescribeStacks”,
-                “cloudformation:DescribeStackEvents”,
-                “cloudformation:DescribeStackResource”,
-                “cloudformation:DescribeStackResources”
+        "Version":"2012-10-17",
+        "Statement":[{
+            "Effect":"Allow",
+            "Action":[
+                "cloudformation:DescribeStacks",
+                "cloudformation:DescribeStackEvents",
+                "cloudformation:DescribeStackResource",
+                "cloudformation:DescribeStackResources"
@@ -39 +39 @@ View access is the least-privileged type of access to CloudFormation. This kind
-            “Resource”:”*”
+            "Resource":"*"
@@ -53,2 +53,2 @@ Allow the IAM principal to have read-only access to this S3 bucket. This helps p
-      “Version”:”2012-10-17”,
-      “Statement”:[
+      "Version":"2012-10-17",
+      "Statement":[
@@ -56,6 +56,6 @@ Allow the IAM principal to have read-only access to this S3 bucket. This helps p
-          “Effect” : “Allow”,
-          “Action” : [ “cloudformation:CreateStack”],
-          “Resource” : “*”,
-          “Condition” : {
-            “StringLike” : {
-              “cloudformation:TemplateUrl” : “https:// my-CFN-templates.s3.amazonaws.com/*” 
+          "Effect" : "Allow",
+          "Action" : [ "cloudformation:CreateStack"],
+          "Resource" : "*",
+          "Condition" : {
+            "StringLike" : {
+              "cloudformation:TemplateUrl" : "https:// my-CFN-templates.s3.amazonaws.com/*" 
@@ -81 +81 @@ To help protect specific CloudFormation stacks that provision business-critical
-            "Resource":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/<stack_ID>”
+            "Resource":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/<stack_ID>"